Deleted member 65228

Guest

I believe it is to do with installation of Windows Metro applications, the general ones such as your Mail application. Since the "appxpackage" is related to such packages, and there's the "add-" linked up to the instruction. Either a new application was added (Metro style) to the FCU environments, or a re-installation/update happened for one.

I don't think you need to worry about any of it; you were installing the Creators Update and it happened afterwards after all. It's natural for Windows to do additional things in the background after a major update, and the Fall Creators Update changed a whole ton of things so it's not out of the ordinary in my opinion.

You can try to track the execution of the PowerShell back to the responsible culprit process; I'm sure you're fine. On that note, I recommend disabling PowerShell unless you really need it because a lot of "file-less" attacks, as people call them, tend to like it.

I believe this is what was installed via the PowerShell command. It's to do with videos/codecs. It allows you to play content in 4K/Ultra HD system-wide across all apps for HEVC content. You'd have to educate me on HEVC because I don't know much on media terms.

Level 71

Thanks.
When I saw all that appxpackage stuff in the command line, it looked to me like typical Microsoft jargon, so I just assumed that VoodooShield was blocking a false positive, and I sent it on to Dan. But he wasn't happy with "powershell" -noprofile -noninteractive -inputformat none -executionpolicy bypass, which he says is typical of malware.

Anyways, HitmanPro didn't find anything to speak of on my system, so I am not worried. I will sleep tonight.

So if a user totally disables PowerShell, he won't get those store installs/uninstalls. That could be either bad or good, depending on one's opinion of stuff from the Microsoft Store.
Actually, installation requires a high level of privileges, so even restricting PowerShell (like with AppGuard "guarded apps") would interfere. Correct?
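
Added example, not part of any post in this thread: a Python triage sketch for the situation discussed above, where the quoted switches look suspicious on their own and the deciding context is what the command does (Add-AppxPackage) and which parent process launched it. The record field names follow Sysmon Event ID 1; the sample records, paths, parent names and the `expected_parents` allowlist are constructed placeholders, and the prefix matching is a simplification of how powershell.exe accepts shortened switch names.

```python
import re

# Shortest prefix accepted per switch (a simplification of powershell.exe parsing).
SWITCHES = {"noprofile": 3, "noninteractive": 4, "inputformat": 3, "executionpolicy": 2}
ALIASES = {"ep": "executionpolicy"}
TAKES_VALUE = {"inputformat", "executionpolicy"}

def parse_switches(cmdline):
    """Map host switches that precede -Command/-File to canonical names."""
    tokens = re.findall(r'"[^"]*"|\S+', cmdline)
    found, i = {}, 1                      # tokens[0] is the executable
    while i < len(tokens):
        tok = tokens[i].lower()
        name = tok[1:]
        if not tok.startswith(("-", "/")) or "command".startswith(name) or "file".startswith(name):
            break                         # the rest is script text, not host switches
        canon = ALIASES.get(name) or next(
            (s for s, n in SWITCHES.items() if len(name) >= n and s.startswith(name)), None)
        if canon in TAKES_VALUE and i + 1 < len(tokens):
            found[canon] = tokens[i + 1].strip('"').lower()
            i += 1                        # skip the value just consumed
        elif canon:
            found[canon] = True
        i += 1
    return found

def triage(event, expected_parents=()):
    """Classify one process-creation record; the switches alone never settle it."""
    sw = parse_switches(event["CommandLine"])
    flags = []
    if sw.get("executionpolicy") in ("bypass", "unrestricted"):
        flags.append("executionpolicy=" + sw["executionpolicy"])
    if sw.get("noprofile") and sw.get("noninteractive"):
        flags.append("unattended")
    appx = re.search(r"\badd-appxpackage\b", event["CommandLine"], re.I) is not None
    known = event["ParentImage"].lower() in {p.lower() for p in expected_parents}
    verdict = "no-flags" if not flags else "explained" if appx and known else "review"
    return {"verdict": verdict, "flags": flags, "appx": appx, "parent": event["ParentImage"]}

# Constructed records; field names follow Sysmon Event ID 1, paths are placeholders.
EVENTS = [
    {"ParentImage": r"C:\Example\servicing-host.exe",
     "CommandLine": r'"powershell" -noprofile -noninteractive -inputformat none '
                    r'-executionpolicy bypass -command "Add-AppxPackage -Register C:\Example\AppxManifest.xml"'},
    {"ParentImage": r"C:\Example\document-viewer.exe",
     "CommandLine": r"powershell.exe -nop -noni -ep bypass -file C:\Example\script.ps1"},
]
```

With an empty allowlist both records come back as "review"; the first becomes "explained" only once its parent is one the operator has confirmed.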

Deleted member 65228

Guest

Well, Microsoft own Windows and thus their own components are active (their kernel for the OS, their components either elevated or not, etc.). Therefore, if Microsoft want, they can push out an update at any time which will temporarily enable PowerShell for them to execute PowerShell scripts, and then re-disable it.

Then again, I am sure they have a non-PowerShell variant of what they needed to do somewhere, and if not, I doubt it'd be tricky for them to make one in a short time span for people who have it disabled.
